PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
467aced734765d80df4f5770c994fd6cb500ce29
xamxam/apps/public/tests/MIGRATION_SUMMARY.md
Théophile Gervreau-Mercier 467aced734 Restructure repository and implement secure search feature 
Phase 1: Consolidate shared infrastructure
- Create shared/ directory for common code
- Consolidate Database.php from front-backend and formulaire into unified shared/Database.php
  - Smart path detection for test.db vs posterg.db
  - Secure search with wildcard escaping and input validation
  - Support both singleton and direct instantiation patterns
  - Full CRUD methods for admin functionality
- Move RateLimit.php to shared/ (30 requests/min)
- Update all require paths across apps to use shared/

Phase 2: Reorganize directory structure
- Rename front-backend/ → apps/public/
- Rename formulaire/ → apps/admin/
- Rename db/ → database/
- Update all file paths for new structure
- Create root .gitignore excluding databases, cache, logs

Implement secure search feature
- Add apps/public/search.php with full-text search across theses
- Search filters: query, year, orientation, AP program, keywords
- Security features:
  - SQL injection prevention (prepared statements)
  - Wildcard injection prevention (escape % and _)
  - Input validation (max 200 chars, year range 1900-2100)
  - Rate limiting (30 req/min per IP)
  - Pagination limited to 100 results/page
  - XSS protection (htmlspecialchars on output)

Add comprehensive test suite
- Create apps/public/tests/ with proper structure
  - tests/Integration/SearchTest.php - 12 search scenarios
  - tests/Security/SecurityTest.php - vulnerability testing
  - tests/Unit/RateLimitTest.php - rate limit behavior
- Create database/fixtures/CreateTestDatabase.php
- Add apps/public/run-tests.php test runner
- All tests passing (4/4 suites)

Update deployment configuration
- Rename justfile 'sync' recipe to 'deploy'
- Create deploy group with separate deploy-public and deploy-admin
- Add test-deploy recipe for test database
- Exclude *.db, tests/, cache/, *.md from production deploy
- Deploy shared/ to both public and admin locations

Stats: +4482 insertions, -654 deletions across 72 files
2026-02-02 18:53:58 +01:00

307 lines
9.3 KiB
Markdown
Raw Blame History

# Test Migration Summary
## ✅ Tests Reorganized Following PHP Standards
The test files have been reorganized to follow PHP testing best practices.
---
## What Changed
### Before (Non-Standard)
```
front-backend/
├── test_search.php ❌ Tests in root
├── test_security.php ❌ Would deploy to production
├── test_security_updated.php ❌ No organization
├── test_rate_limit.php ❌ Mixed with application code
├── create_test_db.php ❌ Test fixtures in root
├── Database_secure.php ❌ Duplicate code
├── Database.php ✓ Application code
└── RateLimit.php ✓ Application code
```
### After (Standard)
```
front-backend/
├── tests/ ✅ Dedicated test directory
│ ├── Fixtures/ ✅ Test data & setup
│ │ └── CreateTestDatabase.php
│ ├── Integration/ ✅ Multi-component tests
│ │ └── SearchTest.php
│ ├── Security/ ✅ Security validation
│ │ └── SecurityTest.php
│ ├── Unit/ ✅ Individual component tests
│ │ └── RateLimitTest.php
│ └── README.md ✅ Test documentation
├── run-tests.php ✅ Convenient test runner
├── .gitignore ✅ Excludes cache, logs, etc.
├── Database.php ✓ Application code
└── RateLimit.php ✓ Application code
```
---
## Benefits Achieved
### ✅ Production Safety
- **Tests excluded from deployment** via `justfile`
- **No test code in production** - cleaner, more secure
- **Smaller deployment size** - only application code deployed
### ✅ Better Organization
- **Clear separation** - tests vs application code
- **Logical grouping** - unit, integration, security, fixtures
- **Standard structure** - other PHP developers will understand immediately
### ✅ Easier Testing
- **Single command** - `php run-tests.php` runs everything
- **Individual tests** - `php tests/Security/SecurityTest.php` for specific tests
- **Better output** - formatted test results with summary
### ✅ Future-Ready
- **PHPUnit compatible** - directory structure ready for migration
- **CI/CD ready** - easy to integrate with GitHub Actions, etc.
- **Scalable** - easy to add new tests in proper categories
---
## Running Tests
### Run All Tests
```bash
cd /home/padlock/dev/posterg-website/front-backend
php run-tests.php
```
**Output:**
```
╔════════════════════════════════════════════╗
║ Running Front-Backend Tests ║
╚════════════════════════════════════════════╝
┌─────────────────────────────────────────┐
│ Test Suite: Fixtures │
└─────────────────────────────────────────┘
✅ PASSED
┌─────────────────────────────────────────┐
│ Test Suite: Integration │
└─────────────────────────────────────────┘
✅ PASSED
┌─────────────────────────────────────────┐
│ Test Suite: Security │
└─────────────────────────────────────────┘
✅ PASSED
┌─────────────────────────────────────────┐
│ Test Suite: Unit │
└─────────────────────────────────────────┘
✅ PASSED
╔════════════════════════════════════════════╗
║ Test Summary ║
╠════════════════════════════════════════════╣
║ Total: 4 ║
║ Passed: 4 ✅ ║
║ Failed: 0 ║
╚════════════════════════════════════════════╝
✅ All tests passed!
```
### Run Individual Tests
```bash
# Setup test database
php tests/Fixtures/CreateTestDatabase.php
# Run specific test suite
php tests/Integration/SearchTest.php
php tests/Security/SecurityTest.php
php tests/Unit/RateLimitTest.php
```
---
## Deployment Configuration
### Updated `justfile`
The deployment now excludes test files:
```just
[group('deploy')]
deploy:
rsync -vur --progress \
--exclude '*.db' \
--exclude 'tests/' \
--exclude 'cache/' \
--exclude '*.md' \
--exclude 'run-tests.php' \
./front-backend/ posterg:/var/www/html/
```
**What's Excluded:**
- `tests/` - All test files
- `*.db` - Test databases
- `cache/` - Runtime cache (rate limiting)
- `*.md` - Documentation files
- `run-tests.php` - Test runner
**What's Deployed:**
- Application code (`.php` files)
- Assets (`assets/` directory)
- Templates (`inc/` directory)
- Public pages (`index.php`, `search.php`, etc.)
### New `.gitignore`
```gitignore
/vendor/
/cache/
*.db
*.log
.env
.env.local
```
---
## Test Organization Explained
### 1. Fixtures (`tests/Fixtures/`)
**Purpose:** Test data setup and database initialization
**Files:**
- `CreateTestDatabase.php` - Creates test.db with sample theses
**When to run:** Before running other tests
### 2. Integration Tests (`tests/Integration/`)
**Purpose:** Test multiple components working together
**Files:**
- `SearchTest.php` - Full search functionality with filters
**What it tests:**
- Full-text search
- Year filtering
- Orientation filtering
- AP program filtering
- Keyword search
- Combined filters
- Pagination
### 3. Security Tests (`tests/Security/`)
**Purpose:** Verify security measures are working
**Files:**
- `SecurityTest.php` - All security validations
**What it tests:**
- Wildcard injection prevention
- Input length validation (max 200 chars)
- Year range validation (1900-2100)
- SQL injection prevention
- Pagination limits (max 100/page)
### 4. Unit Tests (`tests/Unit/`)
**Purpose:** Test individual components in isolation
**Files:**
- `RateLimitTest.php` - Rate limiting functionality
**What it tests:**
- Request tracking
- Limit enforcement (5 requests in test, 30 in production)
- Reset time calculation
- Header generation
---
## Comparison with Professional Projects
| Aspect | This Project | Laravel/Symfony | Status |
|--------|--------------|-----------------|--------|
| Test directory | `tests/` | `tests/` | ✅ Match |
| Test organization | Unit/Integration/Security | Unit/Feature | ✅ Good |
| Test framework | PHP scripts | PHPUnit | ⚠️ Can migrate |
| Deployment exclusion | Via rsync | Via .deployignore | ✅ Works |
| Runner | Custom script | `composer test` | ⚠️ Can improve |
| CI/CD | Manual | GitHub Actions | ⚠️ Future |
**Current Status:** Following PHP conventions, ready for growth
**Future Migration Path:** Can easily migrate to PHPUnit when needed
---
## Next Steps (Optional)
### For Small Projects (Current Approach is Fine)
- ✅ Keep using simple PHP test scripts
- ✅ Run `php run-tests.php` before deploying
- ✅ Tests are properly organized and excluded
### To Upgrade to PHPUnit (When Project Grows)
1. **Install PHPUnit:**
```bash
composer require --dev phpunit/phpunit
```
2. **Convert tests to PHPUnit format:**
```php
// Instead of:
echo "Test result: " . ($result ? "✅" : "❌") . "\n";
// Use:
$this->assertTrue($result);
```
3. **Add `phpunit.xml` configuration**
4. **Run with:** `composer test`
See `TESTING_BEST_PRACTICES.md` for complete migration guide.
---
## Files Created/Modified
### New Files
- ✅ `tests/` directory structure
- ✅ `tests/README.md` - Test documentation
- ✅ `run-tests.php` - Test runner script
- ✅ `.gitignore` - Git exclusions
### Moved Files
- ✅ `test_search.php` → `tests/Integration/SearchTest.php`
- ✅ `test_security_updated.php` → `tests/Security/SecurityTest.php`
- ✅ `test_rate_limit.php` → `tests/Unit/RateLimitTest.php`
- ✅ `create_test_db.php` → `tests/Fixtures/CreateTestDatabase.php`
### Updated Files
- ✅ All test files (updated `require_once` paths)
- ✅ `justfile` (added test exclusions)
### Removed Files
- ✅ `test_security.php` (obsolete, replaced by SecurityTest.php)
- ✅ `Database_secure.php` (obsolete, functionality in Database.php)
---
## Summary
**Organized** - Tests follow PHP conventions
**Secure** - Tests excluded from production
**Convenient** - Single command to run all tests
**Documented** - README explains structure
**Scalable** - Easy to add new tests
**Future-ready** - Can migrate to PHPUnit later
**All tests passing:** 4/4 ✅
**Ready for production deployment!**
Reference in New Issue View Git Blame Copy Permalink